<?#//v.3.1.1
#///////////////////////////////////////////////////////
#//  COPYRIGHT 2004 Phpauction.org ALL RIGHTS RESERVED//
#///////////////////////////////////////////////////////

require('../includes/config.inc.php');
include "loggedin.inc.php";
include $include_path.'time.inc.php';


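#// $ERR carries the status message shown in the yellow row of the form below;
#// it starts unset so that row is only rendered after an update attempt.
unset($ERR);

#// Handle the form submission. Both guards are needed: the hidden "action"
#// field marks the request as an update, and phpa_securepost() checks the
#// "security" token the form posts alongside it (phpa_securepost() is defined
#// in an include, not in this file — presumably the anti-CSRF check).
#// Reading the field through isset() avoids both the bare-word constant and the
#// undefined-index notice on a plain GET of this page.
$action = isset($_POST['action']) ? $_POST['action'] : '';
if($action === "update" && phpa_securepost($_POST))
{

# Frederic  - XSS - Attacks
#// The about-us text is admin-supplied HTML that the site later shows to
#// visitors, so it is reduced to a fixed whitelist of elements before it is
#// stored. PHP_4 is expected to come from config.inc.php; the fallback class
#// exposes the same purify() method as the real HTMLPurifier.
if (!PHP_4 )
{
  require_once './htmlpurifier/library/HTMLPurifier.auto.php';
  $config = HTMLPurifier_Config::createDefault();
  $config->set('Core', 'Encoding', 'ISO-8859-1');
  $config->set('HTML', 'Doctype', 'HTML 4.01 Transitional');
  $config->set('HTML', 'AllowedElements', 'div,a,em,blockquote,p,code,pre,table,font,tbody,td,tr,b,strong,u,ul,li,ol');
  $purifier = new HTMLPurifier($config);
}
else
{
   require_once './class/phpauction_purify.php';
   $purifier = new HTMLPurifier();
   $purifier->allowed_tags(array("div","a","em","blockquote","p","code","pre","table","font","tbody","td","tr","b","strong","u","ul","li","ol" ));
}

#// A missing field is treated as empty text instead of passing null through
#// stripslashes() and purify().
$raw_html   = isset($_POST['aboutustext']) ? $_POST['aboutustext'] : '';
$clean_html = $purifier->purify(stripslashes($raw_html));

	#// The on/off flag comes from a pair of radio buttons, so only the two
	#// expected values are accepted; anything else is stored as "n" instead of
	#// being written into the query verbatim.
	$aboutus = (isset($_POST['aboutus']) && $_POST['aboutus'] === "y") ? "y" : "n";

	#// Keep $_POST in sync with what is actually stored, because it doubles as
	#// the form's data source when the SELECT below returns no row.
	$_POST['aboutustext'] = $clean_html;
	$_POST['aboutus']     = $aboutus;

	#// Update database. Purified HTML may legitimately contain quotes, so the
	#// text still has to be escaped for the SQL string context (uses the default
	#// connection, which config.inc.php presumably opens).
	$query = "update PHPAUCTIONXL_settings SET
				  aboutus='".$aboutus."',
				  aboutustext='".mysql_real_escape_string(nl2br($clean_html))."'";
	#// The warning is suppressed because the failure is reported explicitly below.
	$res = @mysql_query($query);
	if(!$res)
	{
		print "Error: $query<BR>".mysql_error();
		exit;
	}
	else
	{
		$ERR = $MSG_5079;
		#// Fallback only: the SELECT below normally replaces this with the stored row.
		$SETTINGS = $_POST;
	}
}


#// Load the current values for the form. This runs on every request, so after
#// a successful update the form reflects what was actually stored.
$query = "SELECT aboutus,aboutustext FROM PHPAUCTIONXL_settings";
$res = @mysql_query($query);
if(!$res)
{
	print "Error: $query<BR>".mysql_error();
	exit;
}
elseif(mysql_num_rows($res) > 0)
{
	$SETTINGS = mysql_fetch_array($res);
}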
?>
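<HTML>
<HEAD>
<script type="text/javascript" src="../js/tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
<script type="text/javascript">
tinyMCE.init({
        mode : "textareas",
        theme : "advanced",
        language: "en",
        plugins : "table",
        theme_advanced_buttons1 : "backcolor, forecolor, bold,italic,underline,separator,strikethrough,justifyleft,justifycenter,justifyright, justifyfull,bullist,numlist,undo,redo,link,unlink",
        theme_advanced_buttons2 : "fontselect, fontsizeselect, image",
        theme_advanced_buttons3 : "tablecontrols",
        theme_advanced_toolbar_location : "top",
        theme_advanced_toolbar_align : "left",
        force_br_newlines : "false",
        extended_valid_elements : "a[name|href|target|title|onclick],img[class|src|border=0|alt|title|hspace|vspace|width|height|align|onmouseover|onmouseout|name],hr[class|width|size|noshade],font[face|size|color|style],span[class|align|style]"
});
</script>

<link rel='stylesheet' type='text/css' href='style.css' />
<link href="css/main.css" rel="stylesheet" type="text/css">
<body bgcolor="#FFFFFF" text="#000000" link="#0066FF" vlink="#666666" alink="#000066" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <tr> 
    <td><table width="100%" border="0" cellspacing="0" cellpadding="0" class="titulo">
        <tr> 
          <td class="icono"><img src="images/content_icon2.gif" width="28" height="27" ></td>
          <td class="breadcrumbs"><p><span><?=$MSG_25_0018?></span>&nbsp;&gt;&gt;&nbsp;<?=$MSG_5074?></p></td>
        </tr>
      </table></td>
  </tr>
  <tr>
    <td align="center" valign="middle">&nbsp;</td>
  </tr>
    <tr> 
    <td align="center" valign="middle">
<TABLE WIDTH=100% BORDER=0 cellpadding="0" cellspacing="0">
<TR>
<TD align="center">
<BR>
<?
/* PHP_SELF can carry request-supplied path info, so the form target is quoted
   and escaped like any other attribute value. The form's current values come
   from $SETTINGS, which may be missing entirely when the settings table is
   empty; every read below is guarded for that case. */
?>
<FORM NAME=conf ACTION="<?=htmlspecialchars(basename($_SERVER['PHP_SELF']), ENT_QUOTES)?>" METHOD=POST>
	<TABLE WIDTH="95%" BORDER="0" class="base" cellpadding="0" cellspacing="0" >
		<TR>
			<TD class=title>
				<p><? print $MSG_5074; ?></p>
				</TD>
		</TR>
		<TR>
			<TD>

<TABLE WIDTH=100%  ALIGN="CENTER" cellpadding="0" cellspacing="0">
  <?
  /* $ERR is only set after an update attempt (see the top of this file). */
  if(isset($ERR))
  {
  ?>
  <TR BGCOLOR=yellow>
	<TD class=error COLSPAN="2"><p><? print $ERR; ?></p></TD>
  </TR>
  <?
  }
  ?>
  <TR VALIGN="TOP">
	<TD WIDTH=125 HEIGHT="22" class="line">
	  <p><?=$MSG_5077?></p></TD>
	<TD WIDTH="375" HEIGHT="22" class="line">
	  <?=$MSG_5076?><BR>
	  <INPUT TYPE="radio" NAME="aboutus" VALUE="y" <?if(isset($SETTINGS['aboutus']) && $SETTINGS['aboutus'] == "y") print " CHECKED"?>>
	  <? print $MSG_030; ?>
	  <INPUT TYPE="radio" NAME="aboutus" VALUE="n" <?if(isset($SETTINGS['aboutus']) && $SETTINGS['aboutus'] == "n") print " CHECKED"?>>
	  <? print $MSG_029; ?>
	  </TD>
  </TR>
  <TR VALIGN="TOP">
	<TD WIDTH=125 HEIGHT="22">
	  <p><? print $MSG_5078; ?></p>
	  </TD>
	<TD WIDTH="575" HEIGHT="22">
          <BR>
	  <?
	  /* The stored HTML is entity-encoded for the textarea. The browser decodes
	     it again before TinyMCE reads the field, so the editor still receives
	     the markup, but the data can no longer close the textarea early. */
	  $aboutustext = isset($SETTINGS['aboutustext']) ? $SETTINGS['aboutustext'] : '';
	  ?>
	  <textarea name="aboutustext" cols="65"
	  rows="15"><?=htmlspecialchars(stripslashes(stripslashes($aboutustext)), ENT_QUOTES)?></textarea>
	  </TD>
  </TR>
  <TR VALIGN="TOP">
	<TD WIDTH=125 HEIGHT="22">&nbsp;</TD>
	<TD WIDTH="375" HEIGHT="22">&nbsp;</TD>
  </TR>
  <TR>
	<TD WIDTH=125 class="gris">
	  <?
	  /* The "security" value is the per-session token that phpa_securepost()
	     checks on submit; it is escaped as an attribute value like any other. */
	  $security_token = isset($_SESSION['security']) ? $_SESSION['security'] : '';
	  ?>
	  <INPUT TYPE="hidden" NAME="action" VALUE="update" /> <INPUT TYPE="hidden" NAME="security" VALUE="<?php echo htmlspecialchars($security_token, ENT_QUOTES);?>" />
	</TD>
	<TD WIDTH="375" class="gris">
	  <INPUT TYPE="submit" NAME="act" VALUE="<? print $MSG_530; ?>" class="action">
	</TD>
  </TR>
  <TR>
	<TD WIDTH=109></TD>
	<TD WIDTH="375"> </TD>
  </TR>
</TABLE>
			</TD>
		</TR>
	</TABLE>
	</FORM>
</TD>
</TR>
</TABLE>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>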
